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Descripti n 

The present invention relates to a portable data storing/processing device such as an IC card having a 
control circuit, e.g. CPU, and a memory. 

s A banking organ such as a bank has used a so called cash card with an account number by which 
money can be deposited or withdrawn without a bankbook. In order to prevent another person from illicitly 
using the card, a password is stored in the cash card for checking whether or not the user is the real owner 
of the card. A magnetic stripe memory is used for the memory of the cash card, in this type of the memory, 
the data stored is easily read. In this respect, the memory has an insufficient protecting function against the 

io read out of data by another person. This gives rise to illicit use of the cash card. 

To cope with this problem, a portable data storing/processing device, such as an IC card, has been 
developed. In this device, a semiconductor memory of which the data can not be seen from the exterior is 
included. In this type of IC card, it is necessary to devide the memory area into an accessible zone and an 
inaccessible zone for a certain people and a certain machine in accordance with the data to be stored. The 

is size and location of the zone in the memory area are properly set in accordance with the issuer of the IC 
card or the system using the IC card. For this reason, the card maker must individually manufacture the 
cards prepared for the card Issuers and the systems. In the conventional IC card, the password is usually 
checked. However, in some cases, the password check is not required. Furthermore, the data is output from 
the IC card being encrypted in accordance with the importance of the data. To meet such a requirement, 

20 the card maker must manufacture additional IC cards not requiring the password check or requiring the data 
encryption. 

Thus, the conventional IC card lacks versatility in use, and has a high manufacturing cost. 

The above description, which relates to a card like portable data storing/processing device, is also 
applicable to a coin like device, and any other portable means (e.g. a ball point pen or a wristwatch) having 
25 such a device assembled therein. 

Prior art document IBM TECHNICAL DISCLOSURE BULLETIN, vol. 22. no. 5, October 1979. pages 
2009-2010. New York, US; A. J. Sutton et al.: "Processors sharing and partitioning of main storage in the MP 
system", describes a plural processor shared storage system. In this system, a main storage is partitioned, 
and a processor identification field permits or denies each processor of the system to access a particular 
30 range of storage addresses according to the identification of the processor. 

It is an object of the present invention to provide a portable data storing/processing device which is 
versatile in use and low in cost to manufacture. 

To solve this object the present invention provides a portable data storing/processing device as stated 
in claim 1 or 2. 

35 This invention can be more fully understood from the following detailed description when taken in 
conjunction with the accompanying drawings, in which: 

Fig. 1 is a plan view of an IC card which is an embodiment of a portable data storing/processing device; 
Fig. 2 is a block diagram of a circuit of an IC chip contained in the IC card; 

Fig. 3 is a perspective view of a card issuing apparatus for writing predetermined data into the IC card 
40 and issuing a card with the written data; 

Fig. 4 shows a block diagram of a control circuit of the card issuing apparatus shown in Fig. 3; and 

Fig. 5 is a longitudinal sectional view of a card transport path of the card issuing apparatus of Rg. 3 

ranging from a slit for card insertion to a IC card reader/writer. 

A preferred embodiment of a portable data storing/processing device according to the present invention 
45 will be described referring to the accompanying drawings. In the present embodiment, the portable data 
storing/processing device is shaped like a card. Fig. 1 shows a plan view of a so called IC card. An IC chip 
to be described later is contained in a card 10 made of plastic, for example. A connector 12 is provided on 
the surface of the card 10. When the card 10 is inserted into a card issuing apparatus or a user terminal 
device (in banks, an automatic cash depositing/withdrawing machine), the connector 12 connects the IC 
50 chip with such a device. 

Rg. 2 is a block diagram of an electric circuit in the IC chip contained in the card 10. The IC chip 
includes a CPU 20, a zone access controller 22, a memory 24, an encrypt circuit 26 and an interface 28. 
The interface 28 is connected to the connector 12 on the card surface. The memory 24 is an EEPROM for 
storing a control program for the CPU 20, and data. Its memory area is segmented into a plurality of zon s. 
55 The zone access controller 22 is also an EEPROM, and stores a password and an access condition for 
each zone of the memory 24 in the form of a zone access table as given in th© following table. The unit of 
zone size is byte. 
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An access person flag A (A1, A2. A3. A4 A8). a terminal flag B (Bl B8), and an output condition 

flag C (C1 C8) each consists of 8-bit data. Each bit of the access person flag A indicates a card 

20 accessible condition for each access person. If the bit is "1 the card is accessible by that access person. 
If it is "0", the card is inaccessible by that access person. In this embodiment, the bits A1 , A2 and A3 of the 
access person flag respectively correspond to a card maker, a card issuer, and a card owner. The bits of 
the terminal flag.B indicate an access condition for each terminal device, respectively. If the bit is "1". the 
card is accessible by that terminal, tf it is "0", the card is inaccessible by that terminal. The bits B1. B2 and 

25 B3 of the terminal flag B correspond to a card issuing apparatus, an updating apparatus (reissuance of an 
expired card is called an "update"), and an user terminal, respectively. In the output condition flag, only the 
bits C1 and C2 are valid. If the bit CI is "1 ". it indicates an indirect encryption of data. If the bit C2 is "1 ". it 
indicates a direct encryption. If both the bits are "0", the data is output without being encrypted. Direct, 
encryption of data means that the data is encrypted by an encrypt key generator in the IC card. Indirect 

30 encryption means that the data is encrypted by an encrypt key generator in the terminal device, not in the 
IC card. 

The access person flag A. the terminal flag B and the output condition flag C are tabulated below. In the 
table, sign indicates invalid data. 

35 
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From Table 2, the zone access table shown in Table 1 can be interpreted in the following way. In Table 
55 1 , the zone No. 1 is accessible only when the maker or the issuer operates the card issuing apparatus. The 
data in the zone is indirectly encrypted and output. The zone No. 2 is accessible only when the issuer or 
the owner operates the card issuing apparatus, the updating apparatus, or the user terminal device. The 
data in this zone is directly encrypted and output. The zone No. 3 is accessible only when the owner uses 
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the user terminal device. The data in this zone is directly encrypted and output. The zone No. 4 is 
accessible only when the owner operates the user terminal device. The data in this zone is output 'without 
being encrypted. In this case, the access person is identified by a password. 

The zone access table is programmed into the zone access controller 22 by the card issuer, for 

5 example> a bank, and not in the manufacturing stage of the IC card. A card issuing apparatus used for 
programming the zone access table will be described. Rg. 3 shows the appearance of a card issuing 
apparatus, which is like a general personal computer. The card issuing apparatus is comprised of a 
keyboard 30, a CRT monitor 32, a floppy disk unit 34, a printer 36, and the like. A slit 40 for the IC card to 
be inserted through is located under a disc inlet 38 of a floppy disk unit 34. Rg. 4 shows a block diagram of 

70 an Internal circuit of the card issuing apparatus. The issuing operation of the card is performed under the 
control of a control circuit 48 including a CPU 42. a ROM 44 and a RAM 46. The keyboard 30. the CRT 
monitor 32, the floppy disk unit 34, and the printer 36 are connected to the CPU 42. The card 10 t inserted 
through the slit 40, is electrically connected to an IC card reader/writer 50. With this connection, data is 
transferred between the circuit of the card 10 and that of the card issuing apparatus. 

15 Rg. 5 shows a longitudinal cross sectional view of a card transport path ranging from the siit 40 to the 
IC card reader/writer 50. The transport path is a slit defined between a pair of upper and lower guides 52 
and 54. Transport roller pairs 55, ... are equidistantiy disposed along the guides 52 and 54. The distance 
between the adjacent transport roller pairs 55 and 55 is equal to the length of the IC card as viewed in the 
card transport direction. With such an interval between the roller pairs, the card can be smoothly moved 

zo through the card transport path between the guides 52 and 54. 

The card issuing operation of the card issuing apparatus thus arranged will be given below. An operator 
(as a card issuer) inserts a new IC card, on which the zone access controller 22 has not yet written a zone 
access table, into the slit 38. Then, the IC card is put into the card issuing apparatus and transported 
therein until the connector 12 is connected to a terminal {not shown) of the IC card reader/writer 50. When 

25 the connection is detected, the control circuit 48 directs the CRT monitor 32 to form a zone access table. 
More specifically, a zone No., a head address and a zone size in each zone are displayed on the CRT 
monitor 32 to request the operator to input an access person flag, a terminal flag, and an output condition 
flag. In response to the request, the operator inputs these flags. The flags as input are written, in the form of 
the above zone access table, into the zone access controller 22 of the IC card 10, through the CPU 42 and 

30 the IC card reader/writer 50 in the card issuing apparatus, and the CPU 20 in the card 10. Upon completion 
of the programming of the zone access table, an operator writes a password of an issuer and an owner into 
a predetermined memory area of the zone access controller 22. At this point, the card issuing operation is 
completed. 

Generally, the IC card thus issued is owned by an owner, and is used at user terminals of banks (e.g. 

35 automatic cash depositing/withdrawing machine), for example, for depositing or withdrawing money. The 
user terminal also has, substantially, the same construction as that of the card issuing apparatus. The CPU 
of the user terminal is connected to a host computer through a data communication cable. At the user 
terminal, after insertion of the IC card, a password is input by an card ov/ner. It is sequentially checked 
whether or not each zone is accessible by the user terminal and the owner. Then, only the accessible zones 

<o are open to use by the owner. 

As described above, the memory area of the IC card is segmented into a plurality of zones in the stage 
of its manufacture. In each zone, the access condition can be set at the time of card issuance. Therefore, 
the IC card has greater versatility in use. The access condition may include an assortment of access people 
and a type of user terminal device as well, or a combination of them. Therefore, protection of the data can 

45 be ensured. In addition to the access condition, the way of encryption or the presence or not of the 
encryption can also be set. In this respect, the portable data storing/processing device of this embodiment 
has a good versatility in use. 

A second embodiment of a portable data storing/processing device according to the present invention 
will be given. In the first embodiment, a password of the user must be given when the card is used. In the 

so second embodiment, the IC card is usable with a terminal device requiring no password verification, that is, 
in cases where the access condition for each user is not necessary. This can be realized by modifying the 
zone access table as shown in Table 3. 
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The bits D1, D2 and D3 of a password verification flag D respectively correspond to a card maker, a 
card issuer and a card owner, as in the case of the bits of the access person flag A. If the bits of the 

20 password verification flag D are "1", the password verification for that person is required. If these are "0". 
no password verification for that person is required. The items other than the password venfication flag are 
the same as those in Table 1. In Table 3, * indicates that either "0" or "1" is allowed for the bits. As seen 
from Table 3, the zones Nos. 1 to 3 require the inputting of a password since password verification must be 
performed. The zone No. 4 requires no password verification for any person. 

25 in issuing the IC card in this embodiment, the zone No., the head address, and the zone size for each 
zone are displayed by the CRT monitor 32 as in the first embodiment to cali upon an operator as a card 
issuer to input an access person flag, a terminal flag, an output condition flag, and a password verification 
flag. The access person flag, the terminal flag, the output condition flag, and the password verification flag 
as input from the keyboard 30 are programmed into the zone access controller 22 in the form of the above- 

30 mentioned zone access table, through the CPU 42. the IC card reader writer 50, and the CPU 20 in the card 
10. 

The IC card requiring no password verification may be used as time cards for employees, tickets for 
playland, telephone cards, etc. If it is used as the ticket or telephone cards, the data representing a 
predetermined amount of money is stored in the memory. Every time it is accessed, the data of a 
35 necessary amount of money is subtracted from the previously stored data. 

In the above-mentioned embodiments, individual EEPROMs are used for the memory and the zone 
. access controller, respectively. A single EEPROM may be used for them. In this case, different addresses 
are assigned to them, respectively. Other memory components such as PROM. ROM. RAM. etc. may be 
used in place of the EEPROM. While the portable data storing/processing device is shaped like a card in 
40 the above-mentioned embodiments, the present invention may be embodied in a coin like configuration. 
Further, it is applicable for a ball point pen, a wrist watch, etc. Thus, any configuration is allowed for 
embodying the present invention, if it allows the portability of the device thus configured. 

As described above a memory area is segmented into a plurality of zones. In each zone, any access 
condition can be set. Therefore, the portable data storing/processing device according to the present 
45 invention is versatile in use, and can reliably ensure data protection. This versatility allows a mass 
production of the portable data storing/processing devices, thus resulting in a cost reduction of the devices. 

Claims 

so 1. A portable data storing/processing device which is connectable through a terminal device to a main 
data processing device, comprising: 
a portable main body (10); 

memory means (24) of which memory area is segmented into a plurality of zones for storing data 
supplied to said main body (10); and 

55 

access control means (22) for storing an access condition for each zone of said memory means (24) to 
control the access to each zone, wherein said access control means further stores an output condition 
to decide whether or not the data is encrypted before the data in said memory means is output. 



5 



EPO 152 024 B1 



2. A portable data storing/processing device which is connectable through a terminal device to a main 
data processing device, comprising: 
a portable main body (10); 

memory means (24) of which memory area is segmented into a plurality of zones for storing data 
5 supplied to said main body (10); and 

access control means (22) for storing an access condition for each zone of said memory means (24) to 
control the access to each zone, wherein said access control means further stores an access condition 
to represent whether or not a password must be verified before access of said memory means. 

w 3. A device according to claim 1 or 2. characterized in that said access condition is an assortment of 
access people. 

4. A device according to claim 3, characterized in that said access control means identifies a person by 
his password. 

15 

5. A device according to claim 1 or 2, characterized in that said access condition is a typo of terminal 
device. 

6. A device according to claim 1 or 2. characterized in that said access condition is a combination of an 
20 assortment of access people and a type of terminal device. 

7. A device according to claim 1 or 2, characterized in that said portable data storing/processing device is 
an integrated circuit card. 

25 8. A device according to claim 1 or 2, characterized in that said terminal device comprises: 

access condition writing means (48) for segmenting said access control means (22) into zone areas, 
each corresponding to said zones of said memory means (24), and for writing access conditions for 
said plurality of zones of said memory means (24) respectively into said zone areas of said access 
control means (22), so that the area of said memory means (24) is segmented into zones of desired 

30 sizes. 

9. A device according to claim 8, characterized in that each of said zone areas of said access control 
means (22) segmented by said access condition writing means (48) stores a head address and the size 
of said zone of said memory means (24). 

35 

10. A device according to claim 1 or 2, in which said memory means (24) comprises a first nonvolatile 
memory and said access control means (22) comprises a second nonvolatile memory. 

Revendlcations 

40 

1. Dispositif portatif pour la memorisation/ le traitement de donnees qui est connectable par Tintermediaire 
d'un terminal k un dispositif central de traitement de donnees. comprenant: 

un corps principal portatif (10); 

un moyen a mdmoire (24) dont un secteur de mSmoire est segmente en un ensemble de zones pour 
45 memoriser des donnees fournies audit corps principal (10); et 

un moyen de commande d'acces (22) pour memoriser une condition d'acces pour chaque zone dudit 
moyen a memoire (24) afin de commander I'acces a chaque zone, dans lequel ledit moyen de^ 
commande d'accfes memorise en outre une condition de sortie pour decider si les donnees sont ou non 
chiffrees avant que les donnees contenues dans ledit moyen k memoire soient sorties. 

50 

2. Dispositif portatif pour la memorisation/ le traitement de donnees qui est connectable par I'intermediaire 
d'un terminal k un dispositif central de traitement de donnees, comprenant 

un corps principal portatif (10); 

un moyen a memoire (24) dont un secteur d memoire est segmente en un ensemble de zones pour 
55 memoriser des donnees fournies audit corps principal (10); et 

un moyen de commande d'acces (22) pour memoriser une condition d'acces pour chaque zone dudit 
moyen a memoire (24) afin de commander I'acces k chaque zone, dans lequel ledit moyen de 
commande d'acces memorise en outre une condition d'acces pour representor si un mot de passe doit 
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ou non etre v£rifi6 avant un accfcs audit moyen a mgmoire. 

3. Disposilif selon I'une queiconque des revendications 1 et 2. caracterise en ce que ladite condition 
d'acces est un classement d'acces par des gens. 

5 

4. Dispositif selon la revendication 3, caract£ris£ en ce que ledit moyen de commande d'acces identifie 
une personne par son mot de passe. 

5. Dispositif selon Tune queiconque des revendications 1 et 2, caracterise en ce que ladite condition 
10 d'accfcs est un type de terminal. 

6. Dispositif selon I'une queiconque des revendications 1 et 2. caracterise en ce que ladite condition 
d'acces est une combinaison d'un classement d'acces des gens et d'un type de terminal. 

is 7. Dispositif selon I'une queiconque des revendications 1 et 2. caractdrise en ce que ledit dispositif 
portatif de memorisation/ traitement de donnees est une carte de circuit integre. 

8. Dispositif selon I'une queiconque des revendications 1 et 2, caractSrisS en ce que ledit terminal 
comprend: 

20 un moyen d'ecriture de condition d'acces (48) pour segmenter ledit moyen de commande d'acces (22) 
en secteurs de zones, chacun correspondant auxdites zones dudit moyen a memoire (24). et pour 
ecrire des conditions d'acces pour ledit ensemble de zones dudit moyen a memoire (24) respective- 
ment dans lesdits secteurs de zones dudit moyen de commande d'accfcs (22), de telle sorte que le 
secteur dudit moyen a memoire (24) est segmente en zones de capacites voulues. 

25 

9. Dispositif selon la revendication 8. caracterise en ce que chacun desdits secteurs de zones dudit 
moyen de commande d'accfes (22) segmente par ledit moyen d'ecriture de condition d'accfes (48) 
memorise une adresse de tete et la capacite de ladite zone dudit moyen a memoire (24). 

30 10. Dispositif selon Tune queiconque des revendications 1 et 2, dans lequel ledit moyen S memoire (24) 
comprend une premiere mdmoire remanente et ledit moyen de commande d'acces (22) comprend une 
deuxieme mSmoire remanente. 

Anspriiche 

35 

1. Tragbare Vorrichtung zum Speichern und Verarbeiten von Daten, die uber eine Anschlu/Jvorrichtung mit 
einer Hauptdatenverarbeitungsvorrichtung verbindbar ist, mit: 

einem tragbaren Hauptkorper (10); 

einer Speichereinrichtung (24), deren Speicherbereich in eine Vielzahl von Zonen zum Speichern von 
40 zum Hauptkorper (10) zu speisenden Daten segmentiert ist; und 

einer Zugriffsteuereinrichtung (22) zum Speichern einer Zug riff bed ingung fur jede Zone der Speicher- 
einrichtung (24), urn den Zugriff zu jeder Zone zu steuern, wobei die Zugriffsteuereinrichtung weiterhm 
einen Ausgangszustand speichert, urn zu entscheiden, ob die Daten verschlusselt werden Oder mcht, 
bevor die Daten in die Speichereinrichtung ausgegeben werden. 

45 

2. Tragbare Vorrichtung zum Speichern und Verarbeiten von Daten, die uber eine Anschlu/3vornchtung mit 
einer Hauptdatenverarbeitungsvorrichtung verbindbar ist, mit: 

einem tragbaren HauptkSrper (10); 

einer Speichereinrichtung (24), deren Speicherbereich in eine Vielzahl von Zonen zum Speichern von 
so zu dem Hauptkorper (10) zu speisenden Daten segmentiert ist; und 

einer Zugriffsteuereinrichtung (22) zum Speichern einer Zugriffbedingung fiir jede Zone der Speicher- 
einrichtung (24), um den Zugriff zu jeder Zone zu steuern. wobei die Zugriffsteuereinrichtung weiterhm 
eine Zugriffbedingung speichert, um wiederzugeben, ob ein Kennwort vor einem Zugriff der Speicher- 
einrichtugn verifiziert werden rnuG oder nicht. 

55 

3. Vorrichtung nach Anspruch 1 oder 2, dadurch gekennzeichnet. dafl die Zugriffbedingung eine Auswahl 
von Zugriffvolk ist. 
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4. Vorrichtung nach Anspruch 3, dadurch gekennzeichnet, da/3 die Zugriffsteuereinrichtung eine Person 
durch ihr Kennwort identifiziert 



5. Vorrichtung nach Anspruch 1 oder 2. dadurch gekennzeichnet, da/5 die Zugriffbedingung die Art einer 
Anschlu/Jvorrichtung ist 

6. Vorrichtung nach Anspruch 1 oder 2, dadurch gekennzeichnet. daB die Zugriffbedingung eine Kombina- 
tion einer Auswahl von Zugriffvolk und einer Art der AnschlujSvorrichtung ist. 

7. Vorrichtung nach Anspruch 1 oder 2, dadurch gekennzeichnet daB die tragbare Vorrichtung zum 
Speichern und Verarbeiten von Daten eine integrierte Schaltungskarte ist. 

a Vorrichtung nach Anspruch 1 oder 2, dadurch gekennzeichnet, daJS die Anschlu/Jvorrichtung umfaBt: 
eine Zugriffbedingungschreibeinrichtung (48) zum Segmentieren der Zugriffsteuereinrichtung (22) in 
Zonenbereiche, deren jede den Zonen der Speichereinrichtung (24) entspricht, und zum Schreiben von 
Zugriffbedingungen fur die Vielzahl von Zonen der Speichereinrichtung (24) jeweils in die Zonenberei- 
che der Zugriffsteuereinrichtung (22), so da/3 der Bereich der Speichereinrichtung (24) in Zonen von 
gewGnschten Grflflen segmentiert ist. 

9. Vorrichtung nach Anspruch 8, dadurch gekennzeichnet, da/? jeder der Zonenbereiche der Zugriffsteuer- 
einrichtung (22), der durch die Zugriffbedingungschreibeinrichtung (48) segmentiert ist. eine Kopfadres- 
se und die GrQ/te der Zone der Speichereinrichtung (24) speichert 

10. Vorrichtung nach Anspruch 1 oder 2, dadurch gekennzeichnet. dai3 die Speichereinrichtung (24) einen 
ersten nicht-flQchtigen Speicher aufweist und die Zugriffsteuereinrichtung (22) einen zv/eiten nichtflUch- 
tigen Speicher umfaflt. 
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FIG. I 
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